
09:35 AM
Jeffrey Burt

Cisco: Companies More Proactive About Cybersecurity

The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.

The high-profile hacks of credit card systems over the past few years and the scourge of ransomware attacks that reached lofty levels in 2017 appear to have convinced businesses to become more proactive about cybersecurity, according to an expert in Cisco Systems' security services group.

In an interview with Security Now at this week's Cisco Live 2018 conference in Orlando, Fla., Sean Mason, director of threat management and incident response for Cisco's Security Advisory Services, said he has seen a shift over the past couple of years in customers becoming increasingly interested in learning how to protect themselves against hacks and other cybercrimes rather than simply reacting when an attack occurs.

"For years there was a lot of news and a lot of press around nation-state attacks, and to be fair, a lot more organizations were impacted than truly thought they were," Mason said, adding that their thinking was, "'I'm not doing X, Y, Z, so I don't have to worry about that problem.' That wasn't necessarily true, but that was the mentality. Then we started seeing a lot of credit card hacks."

Many well-known companies were victims of attacks in which cybercriminals stole personal data from millions of customers -- think Equifax, Target, Home Depot, Chipotle and, most recently, MyHeritage. Still, there were businesses that rationalized their situation by thinking that since they didn't process credit card data, they didn't need to worry. (See MyHeritage Data Breach of 92M Accounts Raises Many Questions.)

"Then what really went mainstream a couple of years ago was ransomware," he said. "I hate saying that, because it's a lot less sophisticated in some cases than dealing with a nation-state or even cybercriminals going after credit card data. It's a different way of doing things. It's extremely noisy … and the types of organizations that were hit, all of a sudden it was, 'Oh my gosh, that could be us,' and it really hit home that it was no longer just somebody else's problem. It was, 'This could be us tomorrow.' That might have really been the trigger."

Ransomware, which involves stealing corporate or personal data and holding onto it until a ransom is paid, usually in cryptocurrency like Bitcoin, wasn't new. However, the malware has become increasingly sophisticated, and it broke into the headlines last year with WannaCry, which infected hundreds of thousands of vulnerable Windows PCs and attacked such major companies as Nissan Renault, FedEx and Telefonica until a kill switch was found for it. WannaCry also spawned an array of new ransomware that built off its success. (See WannaCry: How the Notorious Worm Changed Ransomware.)

Security firms such as Check Point have noted that incidences of ransomware have waned a bit from 2017 as threat actors are focusing more on stealing PC CPU cycles to mine cryptocurrencies, but warned that doesn’t mean ransomware is no longer a threat, as the cities of Atlanta and Baltimore learned earlier this year.

WannaCry and other ransomware attacks caught the attention of many customers, Mason said. Cisco's Security Advisory Services group is seeing an increase in requests from companies for help in learning how to protect their corporate networks and data and how to respond when an attack occurs.

The top requests are for tabletop exercises, where participants are put into a low-stress environment and walk through scenarios of potential emergencies to learn and discuss such aspects as operational plans, responses, dealing with stakeholders and communications.

And the scenario most customers want to run tabletop exercises on is ransomware, he said. They're less interested in situations like someone stealing their IP. They want to know what to do if someone takes over their systems and takes control of their data. Many companies can use the training, Mason said. Not many have deep expertise in Bitcoin and some haven't backed up their data, but they understand that if ransomware hits, it's not just about having to pay to regain control of the data, but also the lost productivity. (See Bitcoin & Other Cryptocurrency Prices in Flux Following Hack.)

"Literally, customers with tens of thousands of machines down," he said. "You cannot do work, you cannot run your business, you cannot operate."

The shift toward customers becoming more proactive about security has become pronounced over the past couple of years, with Mason estimating that the split in the security services team's work is hitting 70% proactive and 30% reactive.

"It used to be more reactive," he said. "You look at a couple of years ago, it used to be fire, fire, fire, fire, but now it's really starting to shift the other way. That's a good thing. The reactive work is not going away, but we're having more and more asks and requests [for proactive help]. It's actually kind of nice to see that over the last couple of years it's been ticking up more. [Being proactive is] planning ahead for your worst day. That day will come eventually. It's going to happen."


Cisco's security services group also has the ability to leverage the work of the Cisco Talos threat team, which looks at issues around the globe.

"While we're focused on maybe one customer or two customers or whatever number it might be, they're off looking at thousands upon thousands of customers and pulling down data and trying to figure out, 'OK, how can we get ahead of this?'" Mason said. "We may be with a client and may see one thing going on, and we take what little information we may have and say, 'Hey, Talos, what are you seeing?' They see a lot more than we would just see. They might say, 'Guys, this is XYZ,' or, 'This is new' or 'This is old stuff,' or, 'Whoa, we need to get ahead of this.' My team tends to see things nobody else sees quite yet."

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
